Packages
- bzip2 - high-quality block-sorting file compressor - utilities
Details
vladz discovered that executables compressed by bzexe insecurely create
temporary files when they are ran. A local attacker could exploit this issue to
execute arbitrary code as the user running a compressed executable.
vladz discovered that executables compressed by bzexe insecurely create
temporary files when they are ran. A local attacker could exploit this issue to
execute arbitrary code as the user running a compressed executable.
Update instructions
In general, a standard system update will make all the necessary changes to the bzexe utility. If you have previously used bzexe to compress any executables, they need to be recompressed using the updated version.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 8.04 hardy | bzip2 – 1.0.4-2ubuntu4.2 | ||
| 11.10 oneiric | bzip2 – 1.0.5-6ubuntu1.11.10.1 | ||
| 11.04 natty | bzip2 – 1.0.5-6ubuntu1.11.04.1 | ||
| 10.10 maverick | bzip2 – 1.0.5-4ubuntu1.1 | ||
| 10.04 lucid | bzip2 – 1.0.5-4ubuntu0.2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.